Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
458
Views
5
Helpful
4
Replies

ACS authentication issue

chicagotech
Level 1
Level 1

‎05-06-2008 12:06 PM - edited ‎03-10-2019 03:49 PM

I have configured Cisco ACS v4.1 to control network accessing. When a domain user logon, it takes a few seconds to logon using credentials. However, it takes around 1 minute to get the authentication successfully. The problem is the computer can't talk to the DHCP and DC when logon. The network status shows Limits or not connectivity. The ipconfig shows it uses auto ip address 169.254.x.x. To obtain an IP or talk to the DC, the user needs to enter ipconfig /renew or re-logon. How do you troubleshoot it?

Labels:
0 Helpful
4 Replies 4

Jagdeep Gambhir
Level 10
Level 10

‎05-07-2008 06:13 AM

Do you have machine authentication configured ? If not then you need to set it up.

The main purpose of Machine Authentication is to actually log you into the domain as if you were connected via a wired connection. It allows you to have startup scripts run and drive mappings occur.

Machine authentication--ACS authenticates the computer prior to user authentication. ACS checks the credentials that the computer provides against the Windows user database. If you use Active Directory and the matching computer account in Active Directory has the same credentials, the computer gains access to Windows domain services."

Regards,

~JG

Do rate helpful posts

chicagotech
Level 1
Level 1
In response to Jagdeep Gambhir

‎05-07-2008 09:53 AM

Thank you for the reply.

Yes, I do have the machine authentication. Remember if re-logon or renew ip, it works. The ACS log shows the authentication is successful.

Also I am using wired not wireless. Any other suggestions?

0 Helpful

Jagdeep Gambhir
Level 10
Level 10
In response to chicagotech

‎05-07-2008 11:41 AM

Don't think this is a radius issue. This might help

http://support.microsoft.com/default.aspx?kbid=822596

Regards,

~JG

0 Helpful

chicagotech
Level 1
Level 1
In response to Jagdeep Gambhir

‎05-07-2008 12:01 PM

Thank you for the link. I think the problem is it takes too longer to get the authentication (over 1 minute). For example, the computer has logon using credentials, the port led is still orange. I also find if we don't re-logon or renew the IP, the computer will receive a good IP automatically in 5 minutes. The problem is the user doesn't have mapping because it doesn't run logon script from the DC.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents